Great video on operationalizing vulnerability threat intelligence! I'm curious, what are the key challenges you typically face when integrating threat intelligence into existing security workflows?
@nucleussec
1 month ago
Thanks for the comment and question @JossOrtan. For security practitioners integrating threat intelligence into existing security workflows, we often see several common challenges. This isn't a comprehensive list, but hopefully helps provide context and builds on the content of the video.

For starters, organizational adoption of threat intelligence can affect trust in existing workflows. As workflows are changed and findings are adjusted based on what the new data tells us, it can create a period of transition and evaluation.

There's also a data overload concern. Too much intelligence without proper prioritization can cause confusion and affect how the organization handles remediating existing findings.

Trust issues also exist when approaching the sources of threat intelligence. Can you rely on them to make extremely important security risk decisions? As these decisions can happen multiple times a day, vetting security threat intelligence data is vitally important.

Finally, we have to consider the ability to automate on key moments in the analysis pipeline that properly utilizes the threat intelligence data you are consuming. Is the integration of the threat intelligence data adding on hours and hours over time of required manual analysis to security events? Or is there a pathway to consuming the information and allowing the applied automation to make those decisions in seconds?

These are some considerations that arise when integrating threat intelligence. Of course, there are other, more organization-specific challenges. If you have any other questions, contact us - we're happy to chat!